Add --no-network option (#831)

- Add `--no-network` CLI option which disables all TCP/HTTPS listeners, restricting zenserver to Unix domain socket communication only. 
- Also fixes asio upgrade breakage on main

6 files changed, 41 insertions, 11 deletions

diff --git a/src/zenserver/config/config.cpp b/src/zenserver/config/config.cpp
index 858225032..c550b174c 100644
--- a/src/zenserver/config/config.cpp
+++ b/src/zenserver/config/config.cpp
@@ -153,6 +153,7 @@ ZenServerConfiguratorBase::AddCommonConfigOptions(LuaConfig::Options& LuaOptions
 	LuaOptions.AddOption("network.port"sv, ServerOptions.BasePort, "port"sv);
 	LuaOptions.AddOption("network.forceloopback"sv, ServerOptions.HttpConfig.ForceLoopback, "http-forceloopback"sv);
 	LuaOptions.AddOption("network.unixsocket"sv, ServerOptions.HttpConfig.UnixSocketPath, "unix-socket"sv);
+	LuaOptions.AddOption("network.nonetwork"sv, ServerOptions.HttpConfig.NoNetwork, "no-network"sv);
 	LuaOptions.AddOption("network.https.port"sv, ServerOptions.HttpConfig.HttpsPort, "https-port"sv);
 	LuaOptions.AddOption("network.https.certfile"sv, ServerOptions.HttpConfig.CertFile, "cert-file"sv);
 	LuaOptions.AddOption("network.https.keyfile"sv, ServerOptions.HttpConfig.KeyFile, "key-file"sv);
@@ -324,6 +325,13 @@ ZenServerCmdLineOptions::AddCliOptions(cxxopts::Options& options, ZenServerConfi
 
 	options.add_option("network",
 					   "",
+					   "no-network",
+					   "Disable TCP/HTTPS listeners; only accept connections via --unix-socket",
+					   cxxopts::value<bool>(ServerOptions.HttpConfig.NoNetwork)->default_value("false"),
+					   "");
+
+	options.add_option("network",
+					   "",
 					   "https-port",
 					   "HTTPS listen port (0 = disabled)",
 					   cxxopts::value<int>(ServerOptions.HttpConfig.HttpsPort)->default_value("0"),
@@ -513,6 +521,25 @@ ZenServerCmdLineOptions::ApplyOptions(cxxopts::Options& options, ZenServerConfig
 	}
 #endif
 
+	// Validate --no-network
+	if (ServerOptions.HttpConfig.NoNetwork)
+	{
+		if (ServerOptions.HttpConfig.UnixSocketPath.empty())
+		{
+			throw OptionParseException("'--no-network' requires '--unix-socket' to be set", options.help());
+		}
+#if ZEN_WITH_HTTPSYS
+		if (ServerOptions.HttpConfig.ServerClass == "httpsys")
+		{
+			throw OptionParseException("'--no-network' is not compatible with '--http=httpsys'", options.help());
+		}
+#endif
+		if (ServerOptions.HttpConfig.ServerClass.empty())
+		{
+			ServerOptions.HttpConfig.ServerClass = "asio";
+		}
+	}
+
 	// Validate generic HTTPS options (used by ASIO backend)
 	if (ServerOptions.HttpConfig.HttpsPort > 0)
 	{
diff --git a/src/zenserver/proxy/zenproxyserver.cpp b/src/zenserver/proxy/zenproxyserver.cpp
index 1fd9cd2c4..acfdad45f 100644
--- a/src/zenserver/proxy/zenproxyserver.cpp
+++ b/src/zenserver/proxy/zenproxyserver.cpp
@@ -302,7 +302,7 @@ ZenProxyServer::Initialize(const ZenProxyServerConfig& ServerConfig, ZenServerSt
 
 	// Keep the io_context alive even when there is no pending work, so that
 	// worker threads don't exit prematurely between async operations.
-	m_ProxyIoWorkGuard = std::make_unique<asio::io_context::work>(m_ProxyIoContext);
+	m_ProxyIoWorkGuard.emplace(m_ProxyIoContext.get_executor());
 
 	// Start proxy I/O worker threads. Use a modest thread count — proxy work is
 	// I/O-bound so we don't need a thread per core, but having more than one
@@ -404,7 +404,7 @@ ZenProxyServer::Cleanup()
 			Service->Stop();
 		}
 
-		m_ProxyIoWorkGuard.reset();
+		m_ProxyIoWorkGuard.reset();	 // releases the work guard, allowing io_context to finish
 		m_ProxyIoContext.stop();
 		for (auto& Thread : m_ProxyIoThreads)
 		{
diff --git a/src/zenserver/proxy/zenproxyserver.h b/src/zenserver/proxy/zenproxyserver.h
index 7dad748cf..329ca5235 100644
--- a/src/zenserver/proxy/zenproxyserver.h
+++ b/src/zenserver/proxy/zenproxyserver.h
@@ -7,6 +7,7 @@
 #include "proxy/tcpproxy.h"
 
 #include <memory>
+#include <optional>
 #include <thread>
 #include <vector>
 
@@ -84,13 +85,13 @@ public:
 	void Cleanup();
 
 private:
-	asio::io_context							  m_ProxyIoContext;
-	std::unique_ptr<asio::io_context::work>		  m_ProxyIoWorkGuard;
-	std::vector<std::thread>					  m_ProxyIoThreads;
-	std::vector<std::unique_ptr<TcpProxyService>> m_ProxyServices;
-	std::unique_ptr<HttpApiService>				  m_ApiService;
-	std::unique_ptr<HttpFrontendService>		  m_FrontendService;
-	std::unique_ptr<HttpProxyStatsService>		  m_ProxyStatsService;
+	asio::io_context														  m_ProxyIoContext;
+	std::optional<asio::executor_work_guard<asio::io_context::executor_type>> m_ProxyIoWorkGuard;
+	std::vector<std::thread>												  m_ProxyIoThreads;
+	std::vector<std::unique_ptr<TcpProxyService>>							  m_ProxyServices;
+	std::unique_ptr<HttpApiService>											  m_ApiService;
+	std::unique_ptr<HttpFrontendService>									  m_FrontendService;
+	std::unique_ptr<HttpProxyStatsService>									  m_ProxyStatsService;
 };
 
 }  // namespace zen
diff --git a/src/zenserver/storage/zenstorageserver.cpp b/src/zenserver/storage/zenstorageserver.cpp
index d4b8e37ef..77588bd6c 100644
--- a/src/zenserver/storage/zenstorageserver.cpp
+++ b/src/zenserver/storage/zenstorageserver.cpp
@@ -725,11 +725,11 @@ ZenStorageServer::Run()
 
 	ZEN_INFO(ZEN_APP_NAME " now running (pid: {})", GetCurrentProcessId());
 
-	if (m_FrontendService)
+	if (m_FrontendService && !m_NoNetwork)
 	{
 		ZEN_INFO("frontend link: {}", m_Http->GetServiceUri(m_FrontendService.get()));
 	}
-	else
+	else if (!m_FrontendService)
 	{
 		ZEN_INFO("frontend service disabled");
 	}
diff --git a/src/zenserver/zenserver.cpp b/src/zenserver/zenserver.cpp
index ad8d18dc0..8283f0cbe 100644
--- a/src/zenserver/zenserver.cpp
+++ b/src/zenserver/zenserver.cpp
@@ -101,6 +101,7 @@ ZenServerBase::Initialize(const ZenServerConfig& ServerOptions, ZenServerState::
 	ZEN_MEMSCOPE(GetZenserverTag());
 
 	m_IsPowerCycle = ServerOptions.IsPowerCycle;
+	m_NoNetwork	   = ServerOptions.HttpConfig.NoNetwork;
 
 	const std::string MutexName = fmt::format("zen_{}", ServerOptions.BasePort);
 
diff --git a/src/zenserver/zenserver.h b/src/zenserver/zenserver.h
index 2b9d68aee..374184aa9 100644
--- a/src/zenserver/zenserver.h
+++ b/src/zenserver/zenserver.h
@@ -67,6 +67,7 @@ protected:
 
 	bool		m_IsDedicatedMode		 = false;
 	bool		m_TestMode				 = false;
+	bool		m_NoNetwork				 = false;
 	bool		m_DebugOptionForcedCrash = false;
 	std::string m_ServerMode			 = "Server";